Group Policy problem on 2003 network

By robsoni ·
All of a sudden my group policy is not being applied to new network users. I can copy a working OU object but the policies will not carry over to the new user. I've tried recreating policies etc but with no luck.

The main problem I'm having is that the shared desktop will not load up and new users tend to have more rights than they should - (being able to store docs on their desktop etc)The drives are mapped ok but this comes from a logon script.

I'm using roaming profiles but will be turning these off as soon as possible and going with folder redirection etc. Can anyone suggest
any kind of diagnostic I can try to see if the AD is ok and pinpoint the problem or a patch to ensure that usesr can at least pick up the shared desktop.



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Clarify a little

by IC-IT In reply to Group Policy problem on 2 ...

What do you mean by you can copy an OU object?
Your new users should be in a common or by functional grouping OU. The GPO should already be linked to that OU.
If you add a new user OU, then all you should need to do is link the GPO to that OU.

How/(from) where is the Desktop being presented?
Do they have permissions to that location or to the startup script?

Collapse -

more info

by robsoni In reply to Clarify a little

Thanks for the reply.

If I create a new user from the template I started with (in the OU)it is not picking up the desktop and does not have the correct securty applied. If I copy a user(within the same OU) who's account is working propery and change the name/logon etc it still does not work.

The desktop is a shared folder and is configured through a GPO - user config - folder redirection. This GPO is the one that is attached to all my users. I've tried recreating the shared desktop folder and editing the GPO to pick up its new location but its not working. Permissions are the same as they have been so I'm confused as to why its stopped working.

Collapse -

Group Policy

by christianshiflet In reply to more info

From a desktop while logged in as a problem user (one who is not getting the policy applied) open a command prompt and type "GPRESULT". Let us know what that returns. I just recently had this issue. The policy was being blocked by av software for new users.

Collapse -


by robsoni In reply to Group Policy

The GPRESULT for a both (working and none working) users is identical.

Collapse -


by robsoni In reply to GPRESULT

I've also now tried disabling the AV on a machine and creating a new user etc but with no success.

Collapse -

I'm still not following how you are creating the account.

by Screen Gems In reply to more info

are you using a script to create the account and specify the OU the account should be placed in?

or are you simply creating an account in Active Directory under Active Directory Users and Computers?

If you are creating the account in Active Directory Users and Computers, the account is automatically placed in the domain default Users OU. If the GPO is linked to a different OU, then you have to move the user account out of the domain default Users OU to the OU that has the GPO linked to it.

Collapse -

Creating Accounts

by robsoni In reply to I'm still not following h ...

The accounts are created in Active Directory Users and Computers. The users are in the correct OU and have the correct GPO attached.

If I want to create a new user in an existing OU containing users who are not having problems.- new user and fill in details etc or copy an existing users account and change name etc.

This does not work - the new users have problems I described. This means that I can have both working and none working users in the same OU who are meant to have exactly the same accounts.

Basically there have been no major changes on my network but AD seems to have stopped working. No major Updates etc either.

Collapse -

check the log

by john.light In reply to Group Policy problem on 2 ...


Should show any problems.

Collapse -


by Wizard-09 In reply to check the log

Run a gpupdate from the command line, or use the gpupdate command in CMD to look for any issues, create a new OU, copy the GPO and apply it to the new OU add a user see how that goes for you also.

Hope this helps.

Collapse -

can also try

by mike In reply to Group Policy problem on 2 ...

try sfc /scannow to insure the windows files are intact (in the run box). If there is a problem, it will ask you for the install cd/dvd

Related Discussions

Related Forums